Add-DataGatewayClusterUser
Add user and associated permissions to cluster
Syntax
Add-DataGatewayClusterUser
[-Scope <PowerBIUserScope>]
-GatewayClusterId <Guid>
-PrincipalObjectId <Guid>
[-AllowedDataSourceTypes <DatasourceType[]>]
-Role <GatewayPrincipalRole>
[-RegionKey <String>]
[<CommonParameters>] Description
Add user and associated permissions to cluster
Examples
Example 1
PS C:\> $userToAdd = $(Get-AzADUser -ObjectId "testUpn@tenant.com").Id
PS C:\> $dsTypes = New-Object 'System.Collections.Generic.List[Microsoft.PowerBI.ServiceContracts.Api.DatasourceType]'
PS C:\> $dsTypes.Add([Microsoft.DataMovement.Powershell.GatewayClient.Gateways.Entities.DataSourceType]::Sql)
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $dsTypes -Role ConnectionCreatorWithReshareThis example adds the user "testUpn@tenant.com" in the role of ConnectionCreatorWithReshare to the gateway cluster for SQL datasource types.
Example 2
PS C:\> $userToAdd = $(Get-AzADUser -ObjectId "testUpn@tenant.com").Id
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $null -Role AdminThis example adds the user "adminTestUpn@tenant.com" in the role of Admin to the gateway cluster for all datasource types.
Note, the AllowedDataSourceTypes must be null when the role is admin (implying all datasource types are allowed).
Example 3
PS C:\> $userToAdd = $(Get-AzADUser -ObjectId "testUpn@tenant.com").Id
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $null -Role Admin -RegionKey brazilsouthThis example adds the user "adminTestUpn@tenant.com" in the role of Admin to the gateway cluster for all datasource types.
Note, the AllowedDataSourceTypes must be null when the role is admin (implying all datasource types are allowed).
This command is run in the Brazil south region, so the gateway cluster ID provided should be in that region.
Example 4
PS C:\> $userToAdd = $(Get-AzADServicePrincipal -ApplicationId DC8F2C49-9087-4B27-966B-3DB5094C2E77).Id
PS C:\> Add-DataGatewayClusterUser -GatewayClusterId DC8F2C49-5731-4B27-966B-3DB5094C2E77 -PrincipalObjectId $userToAdd -AllowedDataSourceTypes $null -Role Admin -RegionKey brazilsouthThis example adds the the service principal for application id DC8F2C49-9087-4B27-966B-3DB5094C2E77 in the role of Admin to the gateway cluster for all datasource types. For more information, see Get-AzADServicePrincipal. Note that the AllowedDataSourceTypes must be null when the role is admin (implying all datasource types are allowed). This command is run in the Brazil south region, so the gateway cluster ID provided should be in that region.
Parameters
-AllowedDataSourceTypes
Datasource types that are allowed for this user/role combination. This must be null if the role is admin(implying all datasource types are allowed). The list of data source type may change based on supported data sources. Note: This parameter applies only for PowerApps and Flow.
| Type: | DatasourceType[] |
| Accepted values: | Sql, AnalysisServices, SAPHana, File, Folder, Oracle, Teradata, SharePointList, Web, OData, DB2, MySql, PostgreSql, Sybase, Extension, SAPBW, AzureTables, AzureBlobs, Informix, ODBC, Excel, SharePoint, PubNub, MQ, BizTalk, GoogleAnalytics, CustomHttpApi, Exchange, Facebook, HDInsight, AzureMarketplace, ActiveDirectory, Hdfs, SharePointDocLib, PowerQueryMashup, OleDb, AdoDotNet, R, LOB, Salesforce, CustomConnector, SAPBWMessageServer, AdobeAnalytics, Essbase, AzureDataLakeStorage, SapErp, UIFlow, CDPA, EventHub, Unknown |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-GatewayClusterId
Gateway cluster to which the user should be added
| Type: | Guid |
| Aliases: | Cluster, Id |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PrincipalObjectId
Azure Active Directory (AAD) principal object ID (i.e. user ID) to add to the gateway cluster
| Type: | Guid |
| Aliases: | User |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-RegionKey
The Azure region associated with the specified gateway cluster. Not providing a -RegionKey will run the command in the default region for your tenant.
To get the list of available region parameters run the Get-DataGatewayRegion command
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Role
Role to apply to this user on the cluster. Users can be added as admins, connection creators(Can Use) or Connection Creators with sharing(Can use + Share) capability. Connection creators(Can Use) and Connection Creators with sharing(Can use + Share) capability apply only for PowerApps and Flow.
| Type: | GatewayPrincipalRole |
| Accepted values: | Admin, ConnectionCreator, ConnectionCreatorWithReshare |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Scope
Security Scope to run the command. This would determine if you are running this command in the scope of a Tenant/Service admin or a Gateway Admin
| Type: | PowerBIUserScope |
| Accepted values: | Individual, Organization |
| Position: | Named |
| Default value: | Individual |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
None
Outputs
System.Void